Astra Linux – Vulnerability in NTP

In NTP versions 4.2.8, 4.2.8p15, and 4.3.x, before 4.3.101, remote attackers could cause a denial of service memory consumption by sending packets. This occurs because memory is not released in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003270)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003270 advisory. The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorre...

PT-2025-39985

Name of the Vulnerable Software and Affected Versions Vasion Print formerly PrinterLogic Virtual Appliance Host and Application VA/SaaS deployments affected versions not specified Description The Vasion Print Virtual Appliance Host and Application contains an undocumented user, printerlogic, with...

PT-2024-13699 · Precor · Precor Touchscreen Console

Name of the Vulnerable Software and Affected Versions: Precor touchscreen console versions P62, P80, and P82 Description: The issue concerns a default SSH public key in the authorized keys file, which could be exploited by a remote attacker to gain root privileges. Recommendations: For Precor...

CVE-2023-36380

A vulnerability has been identified in CP-8031 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support, CP-8050 MASTER MODULE All versions CPCI85 V05.11 only with activated debug support. The affected devices contain a hard-coded ID in the SSH authorizedkeys configuration file...

CVE-2023-43631

On boot, the Pillar eve container checks for the existence and content of “/config/authorizedkeys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could...

K37012655: Linux kernel vulnerability CVE-2016-7042

Security Advisory Description The prockeysshow function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection gcc stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allows local users to cause a denial of service stack...

SUSE CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

PT-2022-3945 · Unknown · Control Web Panel

Name of the Vulnerable Software and Affected Versions: Control Web Panel versions prior to 0.9.8.1107 Description: The issue is related to incorrect code generation management in the application. It allows a remote attacker to execute arbitrary code using a specially crafted request. Specifically...

DEBIAN-CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

UBUNTU-CVE-2020-15025

ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service memory consumption by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC algorithm in the ntp.keys file...

PT-2020-2998 · Nts +6 · Ntp +6

Name of the Vulnerable Software and Affected Versions: ntp versions 4.2.8 through 4.2.8p14 ntp versions 4.3.x through 4.3.100 Description: The issue is related to a memory consumption problem in ntpd, which can be exploited by remote attackers to cause a denial of service. This occurs when memory...

CVE-2020-7931

In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorizedkeys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certa...

DEBIAN-CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...

The vulnerability of the $HOME/.config/Yubico/u2f_keys authentication file is related to the PAM module Yubico’s pam-u2f, which allows a perpetrator to disclose protected information.

The vulnerability of the $HOME/.config/Yubico/u2fKeys authentication file is related to the lack of protection for service data in the PAM module Yubico’s pam-u2f. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

Extraneous SSH Public Keys added to Authorized Keys file on Linux VM

None None...

Arbitrary File Write

Amendment This was deemed not a vulnerability. Overview org.apache.hive:hive-common is a reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Arbitrary File Write via the File Transfer Protocol FTP client...